Thunderbird 38.5.0 is now available / special notice

R Kent James kent at caspia.com
Tue Dec 29 18:46:55 UTC 2015


My understanding is that later Microsoft OSes will accept installs of 
apps signed with SHA-1 certificates for a limited amount of time, but 
only if they were signed prior to 2016-01-01. So what you describe 
applies to later Microsoft OSes, not XP SP2. That OS knows nothing of 
any of this, and has no support or SHA-2 certificates (hence will fail 
with our latest apps that are signed using SHA-2). Per Microsoft 
<http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx>:

"I am still targeting software for distribution to Windows XP SP1, SP2 
and Windows Server 2003. How might I be affected by these requirements?

The deprecation policies will not be targeted at those systems. Those 
systems however do not have SHA-2 support and no patch is available to 
add that support either. Developers can use SHA-1 code signing 
certificates and SHA-1 file hashes to sign their code. SHA-1 timestamps 
should be used as well."

and:

"Windows trusts SHA1 (if timestamped prior to 1/1/2016) and SHA-2 (any 
timestamp)" for Code Signing certificates.

Nevertheless, there seems to be a lot of confusion about what all of 
this really means.

On 12/29/2015 3:53 AM, Gervase Markham wrote:
> On 23/12/15 21:01, R Kent James wrote:
>> One possibility is to drop support completely for XP SP2 or earlier. The
>> other option is to have additional builds, signed with older
>> certificates, that will install on XP SP2 or earlier. That solution
>> might only be valid for another year or so, however.
> If you are going to make such builds, they need to exist before midnight
> on December 31st :-) You may be able to use existing builds, of course.
>
> Gerv
>
> _______________________________________________
> tb-planning mailing list
> tb-planning at mozilla.org
> https://mail.mozilla.org/listinfo/tb-planning

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20151229/280f0e5f/attachment.html>


More information about the tb-planning mailing list